SPF record (Sender Policy Framework) is a type of TXT record which contains information about which SMTP servers (IP addresses) are allowed to send e-mails from your domain. Main purpose of this record is to limit falsification of the e-mail sender and thus prevent SPAM.
How does SPF record look?
SPF record is a text string in a format described bellow:
v=spf1 a mx include:_spf.websupport.cz ?all
The record represents that for domain mydomain.tld the authoritative SMTP server is smtp.websupport.cz. When you send your message from smtp.websupport.cz, receiving mail server (if it supports SPF records) will verify the data. If your e-mail was sent from correct IP address of SMTP server (smtp.websupport.cz) it will be acknowledged and processed.
However if the message is sent from IP address of a different server – eg. smtp.example.com (with IP 1.2.3.4), the message will not be processed by receiving mail server. The IP address 1.2.3.4. is not defined in the SPF record and thus this server is not authorized to send massages and message is considered to be a potential SPAM.
Editing SPF record is the same as editing other TXT records for in our administration is SPF record part of TXT records.
Combining multiple SPF records
TXT record for SPF can by only one in DNS zone. If you need to allow multiple outgoing servers, you need to combine all SPF records together.
If you need to, for example, add google SPF to our SPF record, you can do so as follows:
- Original record: v=spf1 a mx include:_spf.websupport.cz ?all
- New record: v=spf1 a mx include:_spf.websupport.cz include:_spf.google.com ?all
Records are separated by spaces. With this settings both the servers of Active24 and Google are authorized to send your mails. All other servers are not allowed and won’t pass the SPF check.
Troubleshooting
Rejecting e-mails because SPF check
If the receiver’s mail server supports SPF check, message from different server which is not defined in the SPF record will be returned as rejected by receiver’s mail server with error message:
"550 Message rejected because SPF check failed."
In such a case there are 2 options how you to deliver the e-mail to the recipient.
- Administrator or sender adds correct SPF record to the domain DNS records.
- Recipient will turn off SPF checks on his domain. This setting might increase incoming SPAM messages on mail boxes under set domain.
Turning Off SPF Check
1. Log in to WebAdmin
2. Select domain for which you want to turn off SPF check from the Services tab
3. In the left menu select E-mails
4. Go to Setting and select Domain security – SPF and turn off SPF check.
